diff --git a/flake.lock b/flake.lock
index 0a5b640..9a8bf28 100644
--- a/flake.lock
+++ b/flake.lock
@@ -234,11 +234,11 @@
 "nix-secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1722259498,
- "narHash": "sha256-85jL6CvmxPloZDL313Eezu8mcEeGM+YzonlYyshz3w0=",
+ "lastModified": 1722808247,
+ "narHash": "sha256-86DGPkJh8dXSS/M5F6a0M7roGdn3QSTGY0X5fUyZk/M=",
 "ref": "refs/heads/main",
- "rev": "108f2efee01541c9680a8ec38666609e4e3e56cc",
- "revCount": 56,
+ "rev": "1cc4e1ea861931fccbfd7d7ca8e364ca277138d6",
+ "revCount": 57,
 "type": "git",
 "url": "file:./nix-secrets"
 },
diff --git a/hosts/Dimaga/default.nix b/hosts/Dimaga/default.nix
index 46cbe13..6e7bebc 100644
--- a/hosts/Dimaga/default.nix
+++ b/hosts/Dimaga/default.nix
@@ -14,6 +14,7 @@ let
 config.secrets.services.forgejo.url
 config.secrets.services.gremlin-lab.url
 config.secrets.services.jellyfin.url
+ config.secrets.services.netdata.url
 ];
 
 namecheapCredentials = {
@@ -176,6 +177,11 @@ in
 };
 };
 msmtp.enable = true;
+ netdata = {
+ enable = true;
+ domain = config.secrets.networking.primaryDomain;
+ url = config.secrets.services.netdata.url;
+ };
 nginx = {
 enable = true;
 autostart = false;
diff --git a/modules/services/netdata.nix b/modules/services/netdata.nix
new file mode 100644
index 0000000..c3bcd36
--- /dev/null
+++ b/modules/services/netdata.nix
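Review bot: The new `netdata` block in `hosts/Dimaga/default.nix` sets `enable`, `domain` and `url` but no `auth.password`, so unless it is set in another file the module default of `""` is what reaches nginx `basicAuth`, leaving the dashboard guarded by user `netdata` with an empty password. Set it here from the secrets tree, for example `auth.password = config.secrets.services.netdata.password;` (the attribute name is a placeholder). An `assertions` entry in `modules/services/netdata.nix` that fails evaluation when `cfg.enable` is true and `cfg.auth.password == ""` would catch the same mistake on other hosts. The enclosing attribute set starts and ends outside this hunk.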
@@ -0,0 +1,79 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.aux.system.services.netdata;
+in
+{
+ options = {
+ aux.system.services.netdata = {
+ enable = lib.mkEnableOption "Enables Netdata monitoring.";
+ auth = {
+ user = lib.mkOption {
+ default = "netdata";
+ type = lib.types.str;
+ description = "Username for basic auth.";
+ };
+ password = lib.mkOption {
+ default = "";
+ type = lib.types.str;
+ description = "Password for basic auth.";
+ };
+ };
+ domain = lib.mkOption {
+ default = "";
+ type = lib.types.str;
+ description = "The root domain that Netdata will be hosted on.";
+ example = "example.com";
+ };
+ url = lib.mkOption {
+ default = "";
+ type = lib.types.str;
+ description = "The complete URL where Netdata is hosted.";
+ example = "https://netdata.example.com";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services = {
+ nginx.virtualHosts."${cfg.url}" = {
+ useACMEHost = cfg.domain;
+ forceSSL = true;
+ basicAuth = {
+ "${cfg.auth.user}" = cfg.auth.password;
+ };
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:19999";
+ proxyWebsockets = true;
+ extraConfig = ''
+ # Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://backend;
+ proxy_http_version 1.1;
+ proxy_pass_request_headers on;
+ proxy_set_header Connection "keep-alive";
+ proxy_store off;
+ '';
+ };
+ };
+
+ netdata = {
+ enable = true;
+ enableAnalyticsReporting = false;
+ configDir = {
+ # Enable nvidia-smi: https://nixos.wiki/wiki/Netdata#nvidia-smi
+ "python.d.conf" = pkgs.writeText "python.d.conf" ''
+ nvidia_smi: yes
+ '';
+ };
+ };
+ };
+ systemd.services.nginx.wants = [ config.systemd.services.netdata.name ];
+ };
+}
diff --git a/nix-secrets b/nix-secrets
index 108f2ef..1cc4e1e 160000
--- a/nix-secrets
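Review bot: The `extraConfig` for `locations."/"` carries its own `proxy_pass http://backend;` on top of `proxyPass = "http://127.0.0.1:19999";`, and no `backend` upstream is defined in this module. nginx normally rejects a location with two `proxy_pass` directives, so that line copied from the Netdata example should be dropped. `basicAuth` takes the password as a plain `lib.types.str`, which as far as I know is written in clear text into the world-readable Nix store; `basicAuthFile` pointing at a secret file kept outside the store avoids that. The `url` description and example (`https://netdata.example.com`) do not match its use as the `virtualHosts` attribute name, which nginx treats as a host name, so the example should probably read `netdata.example.com`. Netdata itself still listens on port 19999, so confirm it is bound to loopback or firewalled, since a directly reachable port would sidestep the proxy's authentication.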
+++ b/nix-secrets
@@ -1 +1 @@
-Subproject commit 108f2efee01541c9680a8ec38666609e4e3e56cc
+Subproject commit 1cc4e1ea861931fccbfd7d7ca8e364ca277138d6